Configure Kerberos authentication for Hadoop clients (CLI)
If you want Hadoop compute clients running Hadoop 2.2 and later to connect to an access zone through Kerberos, you must modify the
core-site.xml and
hdfs-site.xml files on the Hadoop clients.
Kerberos must be set as the HDFS authentication method in the access zone and a Kerberos authentication provider must be configured and assigned to the access zone.
Note that if you are changing the
core-site.xml and
hdfs-site.xml files directly with an editor per the instructions below, this will work, but those changes will likely be overwritten. This is because these two configuration files are frequently overwritten by the Ambari or Cloudera Navigator user interfaces. Therefore, if you are managing the cluster with Ambari or Cloudera Navigator, we recommend that you use their respective user interfaces to make any configuration changes.
Go to the
$HADOOP_CONF directory on your Hadoop client.
Open the
core-site.xml file in a text editor.
Set the value of the hadoop.security.token.service.use_ip property to
false as shown in the following example:
Set the value of the dfs.namenode.kerberos.principal.pattern property to the Kerberos realm configured in the Kerberos authentication provider as shown in the following example: